Skip to Content
Technical Articles

HTTPS tracing and debugging: (2) On-prem to cloud

This is the first of four scenarios, covered by the post series:
“HTTPS tracing and debugging: A simple way “

Let’s continue with our second scenario, an HTTPS connection from an on-prem system and a cloud system (PI and CPI in this example). It is important to understand a big difference with respect to the previous example. On this occasion, the HTTPS connection will result in us needing to break the sequence of certificates. Otherwise, we would only see gibberish in the proxy or we simply will not be able to establish a communication. There is another option, using a reverse proxy, I will provide more details in the cloud to cloud scenario.

Calling an iFlow in CPI from a web service exposed in SAP PI.

Regarding this example, we will use a simple “echo” iFlow, where CPI will respond an XML with the exchange data generated by an HTTP request. In PI, we will use a SOAP->HTML scenario without mappings. The iflow CPI Snipet and the XSD used by PI can be found in the last section of this blog.

1.- Obtaining proxy certificates

The first time you run mitmproxy or mitmweb, a certificate will be automatically generated in our home folder (under the subfoder /.mitmproxy).

2.- Upload of the certificate in SAP PI

According to the recommended and standard configuration, SAP PI needs the certificate to be loaded before establishing a communication. Upload the certificate from step one into your TrustedCAs

3.- Create the scenarios in SAP PI and CPI

4.- Start the proxy

Please, note that the we are now opening the Proxy sing the port 9090 instead of the default 8080 port.

5.- Configure the PI HTTP Receiver communication channel.

A few comments here:

a.- Check the “Use SSL” flag.

b.- Check the “Use Proxy” flag. SAP PI -must- be able to reach your IP/ hostname.

6.- Call to the WEB service and wait the results

7.- Finally…Verify the proxy!

 

As in the previous post, think about what just happened. An HTTP connection was diverted to our proxy and the certificate split so we were able to see the whole content of the request and the response.

Next scenario:

3rd scenario: Cloud to On-Prem

 

Ariel Bravo Ayala

Be the first to leave a comment
You must be Logged on to comment or reply to a post.